A pen test targets a web app with strict data privacy laws. Which scoping step ensures legal compliance?

You’re reviewing a C program with user input. Which line poses a buffer overflow risk?

A client needs a report for auditors showing compliance gaps. Which section should detail regulatory violations?

You’re targeting a Linux server with a vulnerable sudo configuration. Which command escalates privileges?

A target exposes port 3389 (RDP). Which command checks for weak RDP configurations?

You’re auditing a JavaScript file for security flaws. Which tool identifies potential DOM-based XSS issues?

A pen test reveals multiple vulnerabilities. Which report element prioritizes fixes based on risk?

A web server allows file uploads without validation. Which payload tests for remote code execution (RCE)?

You’re performing OSINT on a target company. Which tool extracts employee email addresses from public sources?

A client requests a pen test but mandates third-party approval for cloud-hosted systems. Which document should address this requirement?